Configuring the System error or event log (syslog)

Syslog is a standard for computer message logging and integrates log data from many different types of systems into a central repository.


Root user authority is required on UNIX operating systems.


The program of the syslog is syslogd, that is, syslog daemon. The configuration file /etc/syslog.conf is used to control the output of syslogd. The user has to configure the log configuration file (/etc/syslog.conf) and each line in the configuration file must consist of the first two parts below:
  1. A selector to determine the log message priorities which is the facility.priority pair.
  2. A log destination (file path) for the above selector.
  3. Rotation (optional)
The facility must be one of the values from the following list:
  • kern - kernel messages
  • user - random user-level messages (recommended for the db2audit extract command)
  • mail - mail system messages
  • daemon - system daemons
  • auth - security/authorization messages (recommended for the db2audit extract command)
  • syslog - messages generated internally by syslogd
  • lpr - line printer subsystem
  • news - news subsystem
  • uucp - uucp subsystem
  • cron - clock daemon
  • caa - Cluster aware AIX® subsystem
  • local0 ~ local7 - reserved for local use (recommended for the db2audit extract command)
  • * - (all facilities- used only in the configuration file and not in the commands or API)
The priority must be one of the values from the following list (from high to low) :
  • emerg or panic - system is unusable
  • alert - action must be taken immediately
  • crit - critical conditions
  • err or error - error conditions
  • warn or warning - warning conditions
  • notice - normal but significant condition
  • info - informational
  • debug - debug-level messages
Syslog messages are logged usually in the format:

date time hostname facility:priority username: message_body.

All items before the message_body are metadata, for example:

Oct 10 12:05:23 hotel37 mail:err newton: The user newton just got a mail error.


The following example shows the facility.priority sample configuration lines in the /etc/syslog.conf file:  /var/log/db2/user_messages.log
User messages at info or higher priority go to the /var/log/db2/user_messages.log.
mail.crit  /dev/console
Mail messages at crit or higher priority go to the console.
 *.debug /var/log/all_messages.log
All facilities at debug or higher priority go to/var/log/all_messages.log.
Authorization messages at warning or higher priority are forwarded by the local syslog daemon (syslogd) to the syslog daemon (syslogd) on host123 machine.